• Default Alternative Text

    Cybersecurity Support Portal

    We address cybersecurity vulnerabilities and incidents in order to support the security and safety of our installed solutions, protecting our customers and the environment.

    Read our policy

Date Product Description Products and versions affected More information
Date Product Description Products and versions affected More information
2017/03/02 VAMPSET Memory Corruption v2.2.189 and prior Security Notification – VAMPSET
2017/03/27 Wonderware InTouch Access Anywhere Cross-Site Request Forgery, Information Exposure, Inadequate Encryption Strength v11.5.2 and prior LFSEC00000114
2017/05/26 Samba Vulnerability Remote code execution All versions after 3.5 Security Notification – Samba Vulnerability
2017/05/15 Customers running Windows OS WannaCry Ransomware Attack All versions Security Notification – WannaCry Ransomware Attack
2017/04/28 Wonderware Historian Client XML Injection Vulnerability v2014 R2 SP1 and prior LFSEC00000120
2017/03/01 SCADA Expert ClearSCADA  Denial of Service v2015 R2 and prior Security Notification – SCADA Expert ClearSCADA 
2016/12/27 PlantStruxure PES License Manager Buffer Overflow All versions Security Notification – PlantStruxure PES License Manager
2016/12/27 PlantStruxure PES Software Arbitrary Code Execution All versions Security Notification – PlantStruxure PES Software
2016/10/28 Magelis HMI Denial of Service and Loss of Communications Multiple products, see notification Security Notification - Magelis HMI
2016/10/26 Connexium Firewall Buffer Overflow ConneXium Firewall, all versions Security Notification - Connexium Firewall
2016/10/14 Unity PRO Software Remote Code Execution using Unity Simulator Unity PRO, all versions prior to V11.1 Security Notification - Unity Simulator
2016/09/27 PM800 ECC Power Meter Unauthenticated Access PowerLogic PM8ECC, all firmware versions up to 2.651 Security Notification - PM800 ECC Power Meter
2016/06/10 SoMachine HVAC Programming Software Remote Code Execution SoMachine HVAC Programming Software v2.0.2 Security Notification - SoMachine HVAC Programming Software
2016/06/01 Pelco Digital Sentry Remote Code Execution Digital Sentry versions prior to 7.13 Security Notification - Pelco Digital Sentry
2016/03/14 Pro-Face GP-Pro EX Multiple Vulnerabilities GP-Pro EX, see disclosure Security Notification - Pro-Face GP-Pro EX
2016/03/12 SAGE RTU Improper Ethernet Frame Padding SAGE RTU, see disclosure Security Notification - SAGE RTU
2016/02/29 MiCOM Px30 and Px40 Protective Relay Integer Overflow MiCOM Px30 and Px40, all versions Security Notification - MiCOM Protection Relays
2016/02/17 ConneXium Managed Switch Password synchronization issue See disclosure Security Notification - ConneXium
2016/02/04 ConneXium Lite Managed Switch Unauthorized upload of firmware TCSESL043F23F0, and versions 01.01 and all previous versions Security Notification - ConneXium
2016/01/25 StruxureWare Building Operations Weak Credentials and OS Command Injection Automation Server series (AS, AS-P), V1.7 and prior Security Notification - SBO Automation Server
2016/01/20 Altivar Drives Modification of Drive Parameters See disclosure Altivar, Cyber security Information and Guidance (01/2016)
2016/01/11 MiCOM C264 Integer Overflow See disclosure Security Notification - MiCOM C264
2015/12/10 M340 PLC Buffer Overflow See disclosure Security Notification - GoAhead Web Server Vulnerability
2015/11/25 ProClima SW Remote Code Execution ProClima, all versions prior to V6.2 Security Notification - ProClima Software
2015/09/11 Struxureware Building Expert Cleartext Data Transmission Struxureware Building Expert, prior to version 2.15 Security Notification - Struxureware Building Expert
2015/09/08 InduSoft Web Studio Multiple vulnerabilities InduSoft Web Studio V7.1.3.6 and previous versions Security Notification - InduSoft Web Studio Vulnerabilities
2015/08/21 Modicon M340 PLC Remote File Inclusion See disclosure Security Notification - Modicon PLC Web Servers
2015/07/30 DTM for IMT25 Magnetic Flow Buffer Overflow IMT25 DTM V1.500.000 and previous Security Notification - DTM for IMT25 Magnetic Flow
2015/07/15 ConneXium Managed Switch Authentication Bypass ConneXium Managed Switch, see disclosure Security Notification - ConneXium Managed Switches
2015/06/23 Wonderware InTouch, AppServer, Historian, SuiteLink Binary Planting Wonderware System Platform 2014 R2 and earlier LFSEC00000106
2015/06/23 PowerChute Business Edition Cross Site Scripting PCBE Agent V9.0.3 FA247020 
2015/06/11 SAGE RTU TCP Sequence Number Predictability See disclosure Security Notification - SAGE RTU
2016/12/08 Data Center Expert Software Storage of passwords 7.3.1.114, 7.2.4 and earlier versions Security Notification – Data Center Expert
2016/11/30 Power Monitoring Expert and PowerSCADA Expert Software Flexera License Manager Component Buffer Overflow See disclosure Security Notification – Power Monitoring Expert and PowerSCADA Expert
2016/11/29 Vijeo Citect, Citect SCADA, Vijeo Historian, and Citect Historian Flexera License Manager Component Buffer Overflow See disclosure Security Notification – Vijeo Citect, Citect SCADA, Vijeo Historian, Citect Historian
2015/05/13 OPC Factory Server (OFS) DLL Hijacking V3.5 and all previous versions Security Notification: OPC Factory Server (OFS)
2015/04/10 InduSoft Web Studio Cleartext Project Window Password Storage 7.1.3.4 and all previous versions Security Notification - InduSoft Web Studio
2015/03/25 VAMPSET Software Buffer Overflow 2.2.145 and all previous versions Security Notification - VAMPSET Software
2015/03/06 Pelco DS-NVs Video Management Software Buffer Overflow 7.6.32 and all previous versions Security Notification - Pelco DS-NVs Video Management Software Vulnerability
2015/02/23 InduSoft Web Studio Multiple Vulnerabilities 7.1.3.2 and all previous versions Security Notification - InduSoft Web Studio Vulnerabilities
2015/02/23 InTouch Machine Edition 2014 Multiple Vulnerabilities 7.1.3.2 and all previous versions Security Notification - InTouch Machine Edition Vulnerability Disclosure
2015/02/20 DTM Software for SRD 960 and SRD 991 Control Valve Positioners Stack Buffer Overflow 3.1.6 and all previous versions Vulnerability Disclosure for SRD960 and SRD991 Valve Positioner DTM
2015/01/09 SoMove, Unity, SoMachine Insecure DLL in FDT1 DTM Setup See attached Security Notification - FDT V1.2 DTMs
2015/01/08 ETG 3000 FactoryCast Gateway Multiple Vulnerabilities TSXETG3000 all versions TSXETG3010 all versions TSXETG3021 all versions TSXETG3022 all versions Vulnerability Disclosure - ETG3000 FactoryCast HMI Gateway
2017/01/11 HomeLYnk Controller Cross-Site Scripting All versions prior to V1.50 Security Notification – homeLYnk Controller
2017/02/17 M340 Controller Resource Exhaustion All versions prior to V2.9 Security Notification – M340 Controller 
2017/02/13 Wonderware Tableau Server Privilege Escalation Tableau Server versions 7.0 to 10.1.3 LFSEC00000119
2017/02/17 M221/M241 Controller Demonstration of exploit at RSA Conference All versions Security Notification – M221_M241 Controller
2017/02/21 HomeLYnk Controller Command Injection v1.5.1 and prior Security Notification – HomeLYnk Controller
2017/02/21 Conext ComBox Denial of Service v3.03 BN 830 and all firmware versions prior Security Notification – Conext ComBox
2017/03/06 Modicon PLC Improper session key implementation 171CBU98090 - All versions 171CBU98091 - All versions Security Notification – Modicon Family of PLCs
2017/03/17 IGSS Pelco Viewer DLL hijacking v11 and prior Security Notification – IGSS Software
2017/03/16 Modicon TCP Predictability M221/M241/M251 Security Notification – Modicon M221/M241/M251
2017/03/16 Modicon Authentication Bypass (session cookie) M241/M251 Security Notification – Modicon M241/M251
2017/03/16 Modicon Authentication Bypass (credentials) M241/M251 Security Notification – Modicon M241/M251
2017/03/24 PowerSCADA Expert Licensing Brick Denial of Service 171CBU98090 - All versions 171CBU98091 - All versions Security Notification – PowerSCADA Expert Licensing Brick
2017/03/24 PlantStruxure PES License Manager Denial of Service v11 and prior Security Notification – PlantStruxure PES License Manager
2017/03/24 Citect Floating License Manager Denial of Service SCADA Expert Vijeo Citect / CitectSCADA- V7.30, 7.40, 7.50, 8.0 Vijeo Historian/Citect Historian –V4.40, 4.50, 4.60, Citect Anywhere Security Notification – Citect Floating License Manager
2017/03/31 IGSS Software DLL Hijacking v12 and prior Security Notification – IGSS Software
2017/03/31 Wonderware InduSoft Web Studio Privilege Escalation v8.0 Patch 3 and prior Security Notification – Wonderware InduSoft Web Studio
2017/04/07 SoMachine Basic Hardcoded Password-Fixed Key v1.5 and prior Security Notification – SoMachine Basic
2017/04/07 Modicon M221 / SoMachine Basic Weak Authentication/Authorization v1.5.0.1 of Modicon M221 firmware and prior and v1.5 of SoMachine versions and prior Security Notification – Modicon M221_SoMachine Basic
2017/05/05 SoMachine HVAC Programming Software Buffer Overflow SoMachine HVAC v2.1.0 Programming Software for M171/M172 Controllers Security Notification – SoMachine HVAC Programming Software
2017/05/05 SoMachine HVAC Programming Software DLL Hijacking SoMachine HVAC v2.1.0 Programming Software for M171/M172 Controllers Security Notification – SoMachine HVAC Programming Software
2017/06/20 Citect Anywhere Cross site request forgery, outdated cipher suites, arbritrary server target nodes, escaping Citect app v1.0 Security Notification – Citect Anywhere
2017/06/15 Crash Override/Industroyer Malware Module Customers leveraging IEC870-5-101, IEC870-5- 104, IEC61850, and OPC DA Protocols Security Notification – Crash Override
2017/06/22 PowerSCADA Anywhere Cross site request forgery, outdated cipher suites, arbritrary server target nodes, escaping application Version 1.0 of PowerSCADA Anywhere redistributed with PowerSCADA Expert v8.1 and v8.2 Security Notification – PowerSCADA Anywhere
2017/06/27 U.motion Builder Software SQL injection, Path Traversal, Authentication Bypass, Hard-Coded Password, Improper Access Control, Denial of Service, Information Disclosure v1.2.1 and prior Security Notification – U.motion Builder Software
2017/06/28 Petya Ransomware attacks Customers who have not applied MS17-010 patch Security Notification – Petya Ransomware
2017/06/30 Wonderware ArchestrA Logger Stack-based buffer overflow, uncontrolled resource consumption, null pointer dereference v2017.426.2307.1 and prior LFSEC00000116
2017/06/30 Ampla MES Cleartext Storage of Sensitive Information, Use of Password Hash with Insufficient Computational Effort v6.4 and prior LFSEC00000118
2017/07/14 Pro-face GP-Pro EX Arbitrary code execution Version 4.07.000 Security Notification – Pro-face GP-Pro EX
2017/07/18 Trio TView Software Java Runtime Environment vulnerabilities v3.27.0 and prior Security Notification – Trio TView Software